Prolific Egyptian hacker Virus_Hima has exploited a vulnerability in Yahoo!’s servers and databases, leaking some of the data which was stolen on the Internet.
Virus_Hima, reported to be a well known penetration tester, says his intentions are ethical and that he is seeking to highlight vulnerabilities in big sites such as Adobe, Microsoft, Yahoo!, Google, Apple, Facebook and many more.
According to Virus_Hima, neither Yahoo! nor Adobe responded to his alerts highlighting the vulnerabilities of the site.
In a statement, Virus_Hima said: “So I decided to teach both of them a hard lesson to harden them security procedures. It would make a disaster if such companies vulnerabilities was privately used in the underground and they never know about it! not only their customers been affected but the vendors themselves also suffer from such exploits. Adobe acrobat/flash, Yahoo data leak of that 400k emails, and that hotmail remote password reset vulnerabilities is an example..”
The hacker also said that he had never sold Yahoo data to anyone. In a statement he said: “I’ve published only little records for Adobe and I will never use/share/sell/publish Adobe/Yahoo data/exploits anywhere.
“I’m not the one on the news who is selling the Yahoo xss for 700$, you may noticed that his name is “TheHell” idk why that krebsonShitz is linking me to that attack! why i don’t sell things I got here? while it’s awesome stuff not just XSS!!! 2- I’m not planning to do any more leaks soon!”
The leaked data from Yahoo! includes full files backup for one of Yahoo domains, full access to “12″ of Yahoo Databases and a reflected-XSS (Cross Site Scripting) vulnerability.
Virus_Hima warned: “Always be proactive not reactive in safeguarding your critical data.”